Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.

Presentation transcript:

Gavin Payne Transparent Data Encryption The Hows, Whys and Whens

Introduction (60 minutes)
- Introduction to Encryption
- SQL Server Encryption Concepts
- Transparent Data Encryption
- Demo
- Considerations

About Me
- Gavin Payne
- Solution Architect 3.5 years
- SQL Server DBA 10 years
- SQL Bits 7
- SQL Server User Group
- SQL Social
- Blog: http://blog.gavinpayneuk.com

Why Encrypt?
- We all have information we want to hide from others
  - To save embarrassment
  - To keep trade secrets secret
  - To meet regulatory compliance (e.g. PCI-DSS)
  - To comply with legal requirements (e.g. DPA)
- However:
  - Some people might actively try to steal data
  - Some people might accidentally find it

Simple Encryption Concepts
- Plaintext
- Cipher
- Key
- Ciphertext

Common Encryption Terms
- Symmetric encryption
  - Where the same key is used to encrypt AND decrypt
  - Very fast but requires secure transport of the key
- Asymmetric encryption
  - Public key encryption
  - Different keys are used to encrypt and decrypt
  - Either key on its own is useless

Common Encryption Concepts
- Key
  - Must assume the cipher is known and available
  - Key makes the execution of the cipher unique
- Certificate
  - Confirms the owner of a public key
  - Using a verifiable 3rd party digital signature

Why Is Database Encryption Needed?

Database Encryption Methods

SQL Server Encryption
- SQL Server has a large internal encryption hierarchy
- Very flexible and self-sufficient
- All manageable via T-SQL
- Can hook into external encryption hardware
- Make sure you understand how to back up and restore!

What is TDE?
- Common term also used by Oracle
- Transparent Data Encryption is new in SQL Server 2008
- Enterprise Edition only feature
- Designed to protect data against unauthorised access at rest (MDFs, LDFs and backups)
- You can steal my disks but not my data

What is TDE?
- Turnkey database storage encryption tool
- Transparent to applications and code
- Operates at the IO level within SQL Server
- A slight performance overhead (approx 6%)
- As devs strive to reduce database IO, the effect of encryption is also reduced

When to use TDE
- Enterprise Edition feature suggests enterprise need
- Primarily financial services and healthcare
- But theft of any data is grabbing more headlines
- Delivers complete database storage encryption
- With a comprehensive management framework

TDE Components
- System/Service Master Key
- Database Master Key
- Server Certificate
- Database Encryption Key

Demo

Demo Summary
- Back up SMK
- Create a new user database
- Create DMK, cert, DEK
- Encrypt
- DMVs
- Back up and then restore elsewhere
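
The demo steps above, written out as a T-SQL sketch that follows the key hierarchy from the TDE Components slide. This is an added example, not the script used in the presentation; the database name TdeDemo, the certificate name TdeDemoCert, every file path and every password are placeholders chosen for illustration.

```sql
-- Added example: TdeDemo, TdeDemoCert, all paths and passwords are placeholders.
USE master;
BACKUP SERVICE MASTER KEY TO FILE = 'C:\KeyBackup\smk.key'
    ENCRYPTION BY PASSWORD = '<placeholder-password-1>';
GO
CREATE DATABASE TdeDemo;
GO
-- The DMK and the server certificate live in master, not in the user database.
-- CREATE MASTER KEY fails if master already has one; skip it in that case.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-password-2>';
CREATE CERTIFICATE TdeDemoCert WITH SUBJECT = 'TDE certificate for TdeDemo';
GO
-- Back up the certificate and its private key before encrypting anything:
-- without them the database files and backups cannot be opened elsewhere.
BACKUP CERTIFICATE TdeDemoCert TO FILE = 'C:\KeyBackup\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\KeyBackup\TdeDemoCert.pvk',
                      ENCRYPTION BY PASSWORD = '<placeholder-password-3>');
GO
-- The DEK is stored in the user database and protected by the server certificate.
USE TdeDemo;
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeDemoCert;
GO
ALTER DATABASE TdeDemo SET ENCRYPTION ON;
GO
-- encryption_state 2 = encryption in progress, 3 = encrypted.
-- tempdb is listed here as well once any database on the instance uses TDE.
SELECT DB_NAME(database_id) AS database_name, encryption_state, percent_complete
FROM sys.dm_database_encryption_keys;
GO
BACKUP DATABASE TdeDemo TO DISK = 'C:\Backup\TdeDemo.bak';
GO
-- On the second instance: recreate the certificate from its backup first,
-- otherwise the restore fails because the DEK cannot be decrypted.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-password-4>';
CREATE CERTIFICATE TdeDemoCert FROM FILE = 'C:\KeyBackup\TdeDemoCert.cer'
    WITH PRIVATE KEY (FILE = 'C:\KeyBackup\TdeDemoCert.pvk',
                      DECRYPTION BY PASSWORD = '<placeholder-password-3>');
GO
-- Add WITH MOVE if the data and log paths differ on this instance.
RESTORE DATABASE TdeDemo FROM DISK = 'C:\Backup\TdeDemo.bak';
GO
```

Store the key and certificate backups separately from the database backups; anyone holding both can restore the data.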

Things to be aware of
- Key and certificate management is crucial
- Backup compression benefits lost entirely
- Backup portability severely hampered
- IO overhead quoted at about 6%
- Tempdb gets encrypted for everyone

Summary
- Encryption is based upon ciphers and keys
- Nothing new in the database world
- Although such a turnkey and complete option is
- Key management within SQL Server is crucial
- Backups and tempdb get encrypted as well as data